8.3

CVE-2018-2487

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPDisclosure Management Version10.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.52% 0.713
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.3 1.6 6
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832
Vendor Advisory
http://www.securityfocus.com/bid/105908
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2701410
Vendor Advisory
Permissions Required